fix(tools): catch pkill/killall targeting hermes/gateway/cli.py process #3402
Closed
JasonOA888 wants to merge 1 commit into
This allows pkill/killall commands that target hermes, gateway, or cli.py processes to be caught by the DANGEROUS_PATTERNS approval system.

Fixes NousResearch#3397

The issue reported that running `pkill -f "cli.py --gateway"` from within a Telegram gateway killed the hermes-agent. The existing `pkill -9` pattern only catches SIGKILL (signal 9), but `pkill -f` (filter by name) bypasses all guards.

The new pattern catches:
- pkill/killall with hermes/gateway/cli.py in the arguments
- Works for pkill, pkill -f, killall, killall -r, etc.

Example commands now caught:
- pkill -f "cli.py --gateway" -> blocked
- pkill hermes -> blocked
- killall gateway -> blocked
- pkill -f hermes-agent -> blocked

Safe (not over-matching):
- pkill -f some_unrelated -> not matched
- echo gateway -> not matched
- kill 12345 -> not matched (caught by existing kill -9 pattern)
Contributor
Duplicate of #3400, merged via #3593. Thanks @JasonOA888!
Fixes #3397
Problem
The agent can self-terminate by running `pkill -f "cli.py --gateway"`, which kills the gateway process from within itself.
This is a variant of #2617 but uses process-name targeting instead of a known PID.
The existing `DANGEROUS_PATTERNS` catch `pkill -9` (force kill) but not `pkill -f` (filter by name pattern). Any `pkill`/`killall` targeting `hermes`, `gateway`, or `cli.py` bypasses all guards.

Fix
Add a pattern that catches `pkill`/`killall` commands targeting hermes/gateway/cli.py processes:

This reuses the existing approval flow — in gateway mode it sends an approval request to the user, in CLI mode it prompts interactively.
Note: placed immediately after the existing `pkill -9` pattern to ensure all pkill variants (with or without flags) are caught.

Testing
Verified against the cases from the bug report:
- `pkill -f "cli.py --gateway"` → caught (pkill + cli.py)
- `pkill hermes` → caught
- `killall gateway` → caught
- `killall cli.py` → caught
- `echo gateway` → not caught
- `ps aux | grep hermes` → not caught (no pkill/killall)
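The check described in this PR, written as an added example; it is not the PR's pattern or code from the hermes-agent project. It tokenises the command the way a shell would instead of using a single regex, so a protected name in a different chained command is not counted. The function names, `PROTECTED`, `KILLERS` and the sample commands are constructed for illustration.

```python
import shlex

# Names taken from the PR description; every identifier here is hypothetical.
PROTECTED = ("hermes", "gateway", "cli.py")
KILLERS = {"pkill", "killall"}
OPERATOR_CHARS = set(";|&()")


def shell_words(command):
    """Split like a shell: quotes group words, ; | && come out as own tokens."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    try:
        return list(lexer)
    except ValueError:
        # Unbalanced quotes: fall back to a plain whitespace split.
        return command.split()


def kills_protected_process(command):
    """True if a pkill/killall word is followed, within the same simple
    command, by an argument that names a protected process."""
    killer_seen = False
    for word in shell_words(command):
        if word and set(word) <= OPERATOR_CHARS:
            killer_seen = False  # control operator: a new simple command starts
        elif killer_seen and any(name in word.lower() for name in PROTECTED):
            return True
        elif word.rsplit("/", 1)[-1] in KILLERS:
            killer_seen = True  # basename match also covers /usr/bin/pkill
        elif any(ch.isspace() for ch in word) and kills_protected_process(word):
            return True  # quoted argument that is itself a command (sh -c "...")
    return False


# Constructed samples: the cases listed in the PR plus a few variants.
SAMPLES = [
    'pkill -f "cli.py --gateway"', "pkill hermes", "killall gateway",
    "pkill -f hermes-agent", "sudo /usr/bin/pkill -f hermes",
    'sh -c "pkill hermes"', "pkill -f some_unrelated", "echo gateway",
    "ps aux | grep hermes", "pkill -f some_unrelated && echo gateway",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        verdict = "needs approval" if kills_protected_process(cmd) else "not matched"
        print(f"{cmd!r:45} -> {verdict}")
```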